8月属于注定是网络安全的月份,从这周开始安全会议不断,Blackhat、Defcon、CNCERT的年会、阿里网络安全生态会、Kcon、腾讯CSS峰会、Xcon、微步情报大会。可能由于国内的已经够多了,今年似乎没有看到太多blackhat的报道,所以只能靠自己凑合看了下。Blachat会议两天一共118个议题,214个演讲者。过了一遍议题简介第一个感受是黑客的世界仍然保持着无比精彩,安全不仅仅是AI,不仅仅是ML,即便还是Web,二进制这些领域,其研究的要素组件都是前所未有的,科技化使生活的越来越精彩丰富便利,而黑客的眼里这都一片全新的领域而且在其中还游刃有余。另外一个新奇点是,不知道从什么时候开始,竟然多了这么多关注搬砖工程师心理健康的方面的议题。
万能的google翻译几乎已经可以大概说明白议题的大概方向了,这里就不一一介绍了。今年特别关注了一下演讲人,这里简单的归为三类,甲方科技巨头、乙方安全公司、第三方组织(政府机构、学校、研究组织、独立研究者等等)
总体来说还是乙方的人数较多,但是出现了很多不同类型的领域的厂商了。如今已经不是清一色的杀毒厂商或者NGFW厂商了。Fireeye似乎也不见了踪影。排除了独立研究人员之后的top10演讲人员组织,可以此了解一下有意思的一些新晋安全厂商或者甲方的最佳实践。
演讲组织 |
演讲人数 |
Microsoft |
10 |
Riscure |
9 |
Tencent Keen Security Lab |
8 |
6 |
|
Graz University of Technology |
6 |
EURECOM |
5 |
IBM Research |
5 |
Duo Security |
4 |
Endgame |
4 |
Global Commission on the Stability of Cyberspace |
4 |
KAIST |
4 |
Positive Technologies |
4 |
其他的乙方公司按演讲顺序简单整理如下,可以感受一下还有剩多少是熟悉的面孔。
VirusBay
Kaspersky
GoSecure
Endgame
Duo Security
Sophos
Riscure
Trail of Bits
Leviathan Security Group
Nozomi Networks
DarkMatter
ZwillGen PLLC
River Loop Security
Eclypsium
PwC
Trimarc
SpecterOps
Immunity Inc
Shostack & Associates
DEVCORE
leveldown security
Cylance Inc
NewAE Technology Inc
Trustwave SpiderLabs
Dragos Inc
Digita Security
Terbium Labs
Cymptom
Positive Technologies
F5 Networks
CrowdStrike Inc
Winsider Seminars & Solutions
Quarkslab
Fleetsmith
Forcepoint
Hex-Rays SA
Lookout
IBM Research
Threatcare
Cisco
NCC Group
G DATA Advanced Analytics
McAfee
IOActive
ForAllSecure
RSM Partners
PortSwigger Web Security
Bastille Networks
Whitescope
QED
HORNE Cyber
Secarma Ltd
Red Sky Solutions,LLC
RSA Security
Tripwire VERT
时间仓促就未对厂商类型再做进一步分类分析了。最后附上议题,供各位与会者参考一下,同一个时间段有上10个议题,也就只能选一个方向听一下了。
Keynote |
Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes |
WEDNESDAY | 9:00AM |
AWS上检测凭证被窃 |
Detecting Credential Compromise in AWS |
WEDNESDAY | 10:30AM |
识别online scanners |
Dissecting Non-Malicious Artifacts: One IP at a Time |
WEDNESDAY | 10:30AM |
ESI引擎漏洞挖掘 |
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking |
WEDNESDAY | 10:30AM |
钓鱼邮件安全意识 |
Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection |
WEDNESDAY | 10:30AM |
Xori自动反编译分析恶意软件 |
Finding Xori: Malware Analysis Triage with Automated Disassembly |
WEDNESDAY | 10:30AM |
安全从业人员人文关怀 |
Holding on for Tonight: Addiction in InfoSec |
WEDNESDAY | 10:30AM |
SBOM物联网政策 |
How I Learned to Stop Worrying and Love the SBOM |
WEDNESDAY | 10:30AM |
恶意软件检测 |
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware |
WEDNESDAY | 10:30AM |
硬件钱包 |
Software Attacks on Hardware Wallets |
WEDNESDAY | 10:30AM |
Hyper-V漏洞挖掘 |
A Dive in to Hyper-V Architecture & Vulnerabilities |
WEDNESDAY | 11:15AM |
以太坊智能合约区块链漏洞挖掘 |
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths |
WEDNESDAY | 11:15AM |
深度学习神经网络做安全检测 |
Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools |
WEDNESDAY | 11:15AM |
机器人的法律探讨 |
From Bot to Robot: How Abilities and Law Change with Physicality |
WEDNESDAY | 11:15AM |
Keen team的iOS越狱 |
KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous |
WEDNESDAY | 11:15AM |
Miasm工程框架 |
Miasm: Reverse Engineering Framework |
WEDNESDAY | 11:15AM |
JavaScript引擎内置的即时(JIT)编译器漏洞挖掘 |
New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers |
WEDNESDAY | 11:15AM |
黑客与压力 |
Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops |
WEDNESDAY | 11:15AM |
TRITON工控 |
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever |
WEDNESDAY | 11:15AM |
软件定义SD-WAN攻击 |
CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment |
WEDNESDAY | 1:30PM |
VPN攻击 |
Compression Oracle Attacks on VPN Networks |
WEDNESDAY | 1:30PM |
ICS防火墙 |
Deep Dive into an ICS Firewall, Looking for the Fire Hole |
WEDNESDAY | 1:30PM |
法律政策 |
Legal Landmines: How Law and Policy are Rapidly Shaping Information Security |
WEDNESDAY | 1:30PM |
地缘政治与恶意软件分析 |
No Royal Road … Notes on Dangerous Game |
WEDNESDAY | 1:30PM |
UEFI firmware固件攻击 |
Remotely Attacking System Firmware |
WEDNESDAY | 1:30PM |
无线SD卡攻击 |
Reversing a Japanese Wireless SD Card - From Zero to Code Execution |
WEDNESDAY | 1:30PM |
侧信道攻击解密 |
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers |
WEDNESDAY | 1:30PM |
汽车固件ECU攻击 |
There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently |
WEDNESDAY | 1:30PM |
检测twitter机器人 |
Don't @ Me: Hunting Twitter Bots at Scale |
WEDNESDAY | 2:40PM |
ROSE远程在线社工 |
Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering |
WEDNESDAY | 2:40PM |
工作站到域控的攻击 |
From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it |
WEDNESDAY | 2:40PM |
Meltdown详解 |
Meltdown: Basics, Details, Consequences |
WEDNESDAY | 2:40PM |
黑客的心理健康 |
Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community |
WEDNESDAY | 2:40PM |
Sysmon高级玩法 |
Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology |
WEDNESDAY | 2:40PM |
BMC攻击 |
The Unbearable Lightness of BMC's |
WEDNESDAY | 2:40PM |
威胁建模 |
Threat Modeling in 2018: Attacks, Impacts and Other Updates |
WEDNESDAY | 2:40PM |
WireGuard密码学攻击VPN |
WireGuard: Next Generation Secure Network Tunnel |
WEDNESDAY | 2:40PM |
iOS 11的async_wake漏洞利用 |
A Brief History of Mitigation: The Path to EL1 in iOS 11 |
WEDNESDAY | 4:00PM |
Meltdown漏洞响应的背后故事 |
Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre |
WEDNESDAY | 4:00PM |
新型web攻击面path normalization漏洞挖掘 |
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! |
WEDNESDAY | 4:00PM |
工控网关漏洞 |
Breaking the IIoT: Hacking industrial Control Gateways |
WEDNESDAY | 4:00PM |
LET网络注入恶意包 |
LTE Network Automation Under Threat |
WEDNESDAY | 4:00PM |
针对用于移动和物联网设备的微软Cortana攻击 |
Open Sesame: Picking Locks with Cortana |
WEDNESDAY | 4:00PM |
GO语言漏洞 |
Squeezing a Key through a Carry Bit |
WEDNESDAY | 4:00PM |
X86架构下的提取漏洞 |
Why so Spurious? How a Highly Error-Prone x86/x64 CPU "Feature" can be Abused to Achieve Local Privilege Escalation on Many Operating Systems |
WEDNESDAY | 4:00PM |
零信任网络的威胁 |
ZEROing Trust: Do Zero Trust Approaches Deliver Real Security? |
WEDNESDAY | 4:00PM |
AFL的盲点 |
AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries |
WEDNESDAY | 5:05PM |
加密货币IOTA的攻击 |
A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme |
WEDNESDAY | 5:05PM |
KVM Hypervisor安全设计 |
Back to the Future: A Radical Insecure Design of KVM on ARM |
WEDNESDAY | 5:05PM |
区块链分散和抗删除的域名技术对抗 |
Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure |
WEDNESDAY | 5:05PM |
安全社区的X骚扰事件 |
How can Communities Move Forward After Incidents of Sexual Harassment or Assault? |
WEDNESDAY | 5:05PM |
开源工具ChipWhisperer-Lint在硬件侧信到攻击中使用 |
I, for One, Welcome Our New Power Analysis Overlords |
WEDNESDAY | 5:05PM |
腐败对信息安全社区的影响 |
InfoSec Philosophies for the Corrupt Economy |
WEDNESDAY | 5:05PM |
黑手党是否接管了网络犯罪 |
Is the Mafia Taking Over Cybercrime? |
WEDNESDAY | 5:05PM |
针对物理隔离Air-Gap的攻击 |
The Air-Gap Jumpers |
WEDNESDAY | 5:05PM |
安卓ARTist逆向分析工具 |
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware |
THURSDAY | 9:00AM |
网络安全的PTSD创伤后应激障碍 |
Demystifying PTSD in the Cybersecurity Environment |
THURSDAY | 9:00AM |
基于主机的Mac OS防火墙研究 |
Fire & Ice: Making and Breaking macOS Firewalls |
THURSDAY | 9:00AM |
WinVote Voting Machines必胜投票机取证 |
Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines |
THURSDAY | 9:00AM |
用网上情报资源预测支付欺诈 |
Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims |
THURSDAY | 9:00AM |
deception欺骗检测技术的弱点 |
Real Eyes, Realize, Real Lies: Beating Deception Technologies |
THURSDAY | 9:00AM |
BlackBerry产品安全管理经验 |
Stop that Release, There's a Vulnerability! |
THURSDAY | 9:00AM |
WebAssembly漏洞挖掘 |
The Problems and Promise of WebAssembly |
THURSDAY | 9:00AM |
YubiKey双因子 |
Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key |
THURSDAY | 9:00AM |
ATM机攻击设备 |
Black Box is Dead. Long Live Black Box! |
THURSDAY | 9:45AM |
SSO SAML漏洞挖掘 |
Identity Theft: Attacks on SSO Systems |
THURSDAY | 9:45AM |
内核攻击 |
Kernel Mode Threats and Practical Defenses |
THURSDAY | 9:45AM |
网络安全外交 |
New Norms and Policies in Cyber-Diplomacy |
THURSDAY | 9:45AM |
VSS备份特性攻击 |
Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots |
THURSDAY | 9:45AM |
iot领域蜂窝设备的漏洞挖掘 |
Snooping on Cellular Gateways and Their Critical Role in ICS |
THURSDAY | 9:45AM |
女网络安全工程师的招聘 |
The Science of Hiring and Retaining Female Cybersecurity Engineers |
THURSDAY | 9:45AM |
针对Windows Notification的攻击 |
The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet |
THURSDAY | 9:45AM |
构造语音认证攻击 |
Your Voice is My Passport |
THURSDAY | 9:45AM |
macOS MDM安全 |
A Deep Dive into macOS MDM (and How it can be Compromised) |
THURSDAY | 11:00AM |
对机器学习算法的攻击 |
AI & ML in Cyber Security - Why Algorithms are Dangerous |
THURSDAY | 11:00AM |
交易安全Trading Stocks |
Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies |
THURSDAY | 11:00AM |
微码安全研究 |
Decompiler Internals: Microcode |
THURSDAY | 11:00AM |
检测恶意云账号行为 |
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities |
THURSDAY | 11:00AM |
针对OpenPGP and S/MIME攻击 |
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels |
THURSDAY | 11:00AM |
x86处理器的硬件后门 |
GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs |
THURSDAY | 11:00AM |
医疗领域hl7协议漏洞挖掘 |
Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives |
THURSDAY | 11:00AM |
移动端的监听技术 |
Stealth Mango and the Prevalence of Mobile Surveillanceware |
THURSDAY | 11:00AM |
自动驾驶的安全 |
Applied Self-Driving Car Security |
THURSDAY | 12:10PM |
视频水印的攻击 |
None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service |
THURSDAY | 12:10PM |
智慧城市的漏洞挖掘 |
Outsmarting the Smart City |
THURSDAY | 12:10PM |
TLS 1.3安全 |
Playback: A TLS 1.3 Story |
THURSDAY | 12:10PM |
增强机器学习抗攻击能力 |
Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks |
THURSDAY | 12:10PM |
域控攻击 |
So I became a Domain Controller |
THURSDAY | 12:10PM |
TLB的侧信道攻击 |
TLBleed: When Protecting Your CPU Caches is Not Enough |
THURSDAY | 12:10PM |
WebAssembly漏洞挖掘 |
WebAssembly: A New World of Native Exploits on the Browser |
THURSDAY | 12:10PM |
缓解speculative漏洞的故事 |
Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities |
THURSDAY | 12:10PM |
关于DRAM的漏洞Rowhammer |
Another Flip in the Row |
THURSDAY | 2:30PM |
反序列化漏洞自动发现 |
Automated Discovery of Deserialization Gadget Chains |
THURSDAY | 2:30PM |
社工攻击研究 |
Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time |
THURSDAY | 2:30PM |
智能手机baseband攻击 |
Exploitation of a Modern Smartphone Baseband |
THURSDAY | 2:30PM |
自动漏洞利用(内核) |
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities |
THURSDAY | 2:30PM |
Autism Spectrum Disorder研究 |
How can Someone with Autism Specifically Enhance the Cyber Security Workforce? |
THURSDAY | 2:30PM |
SATCOM安全研究 |
Last Call for SATCOM Security |
THURSDAY | 2:30PM |
iot漏洞的合法责任 |
Legal Liability for IOT Cybersecurity Vulnerabilities |
THURSDAY | 2:30PM |
widnows Defender的仿真器 |
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator |
THURSDAY | 3:50PM |
mPOSl漏洞挖掘 |
For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems |
THURSDAY | 3:50PM |
微软OSR团队对Hyper-V漏洞的挖掘 |
Hardening Hyper-V through Offensive Security Research |
THURSDAY | 3:50PM |
IoT恶意软件的综合调查分析框架 |
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies |
THURSDAY | 3:50PM |
通过深度学习来帮助侧信道攻击 |
Lowering the Bar: Deep Learning for Side Channel Analysis |
THURSDAY | 3:50PM |
大型机漏洞挖掘 |
Mainframe [z/OS] Reverse Engineering and Exploit Development |
THURSDAY | 3:50PM |
web缓存中毒攻击 |
Practical Web Cache Poisoning: Redefining 'Unexploitable' |
THURSDAY | 3:50PM |
小型组织创建SDL的实践 |
SDL That Won't Break the Bank |
THURSDAY | 3:50PM |
无线电紧急系统的攻击 |
SirenJack: Cracking a 'Secure' Emergency Warning Siren System |
THURSDAY | 3:50PM |
植入式医疗设备的漏洞挖掘 |
Understanding and Exploiting Implanted Medical Devices |
THURSDAY | 3:50PM |
docker攻击 |
An Attacker Looks at Docker: Approaching Multi-Container Applications |
THURSDAY | 5:00PM |
IBM的AI攻击DeepLocker研究DeepLocker - Concealing Targeted Attacks with AI Locksmithing |
DeepLocker - Concealing Targeted Attacks with AI Locksmithing |
THURSDAY | 5:00PM |
模糊测试Fuzz研究 |
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina |
THURSDAY | 5:00PM |
PHP的非序列漏洞研究 |
It's a PHP Unserialization Vulnerability Jim |
THURSDAY | 5:00PM |
NOC BH统计分析报告 |
Lessons and Lulz: The 4th Annual Black Hat USA NOC Report |
THURSDAY | 5:00PM |
NOC报告 |
Lessons and Lulz: The 4th Annual Black Hat USA NOC Report |
THURSDAY | 5:00PM |
Keen team对特斯拉攻击的分享 |
Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars |
THURSDAY | 5:00PM |
TLS漏洞分析 |
Return of Bleichenbacher's Oracle Threat (ROBOT) |
THURSDAY | 5:00PM |
SDN的渗透测试框架 |
The Finest Penetration Testing Framework for Software-Defined Networks |
THURSDAY | 5:00PM |
移动恶意软件攻击技术分析 |
Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library |
THURSDAY | 5:00PM |